2016 Cybersecurity Law If any one of these describes your company

Presentation transcript:

2016 Cybersecurity Law

If any one of these describes your company, the Cybersecurity Law applies to you:

☐ My company has a website that customers can access in China.
☐ My company stores personal information (names, addresses, telephone numbers, birthdates, geographic location, or other identifying information) on anybody who is a Chinese citizen.
☐ We have used customer data to improve our user experience or to measure the success of marketing campaigns.
☐ My company provides network services or conducts some transactions online.

1. Article 76 of the law stipulates that administrators and owners of networks, which may include websites, must comply with all the regulations of “network operators.”
2. Storing personal information for Chinese citizens makes a company liable for the information’s security.
3. The use of personal information, even electronic data like user behavior, is tightly controlled under the new law. Companies that collect and use electronic data to improve their services must carefully comply with the law.
4. Providing network services and conducting online transaction services likely will classify a company under the more stringent “network operator” definition, with attendant risks and responsibilities.
5. If a company is determined to be part of the “Critical Information Infrastructure,” it faces very strict requirements under the new law. Data localization, IP risks, and administrative oversight could potentially impose huge burdens on operations in China.

Read the ‘Notes’ section of this slide for more information.

Compliance responsibilities

User Protection: Your company is required to protect individual information from compromise by establishing “user information protection systems.”

Cybersecurity Responsibility: Companies that retain personal information must also maintain a plan to react to threats and have a designated person responsible for cybersecurity.

Information Storage: You must ensure that individuals using your services are informed of how their personal data will be collected and used, and must obtain user consent.

User Rights: You must provide users the ability to correct or delete the information collected about them, and the means to withdraw their consent or cancel their account.

Information Control: Your company must only collect information for a specific purpose and must delete the information after it has been used for that purpose. You cannot sell the information, and must ensure its accuracy. Data controllers are liable for any information they collect, regardless of how it is collected.

Privacy and Intellectual Property: If requested by Chinese security authorities, you must provide “technical assistance” as needed. This assistance may include turning over intellectual property or proprietary business information, and some experts believe collusion with domestic competitors is a possible outcome.

“Personal information” includes: biological identification data, as well as electronic information such as geographic location, online behavior data, and financial data.

“Technical assistance” may include: passwords, encryption, files stored in China, intellectual property or business information; private business information or research about users, customers, processes, plans, etc.

In addition, companies with products, services, or networks that are labeled “Critical Information Infrastructure” will face additional compliance demands far above what is described here.

Go to our website: www.amchamchina.org
Read the ‘Notes’ section of this slide for more information.